Notification of single Log File and Multiple Log File

[tsabit]

Hi Team Support Nagios Log Server,

I have question about Nagios Log server.

Can I get email notification IF I get error on Single Log File and Multiple Log File?
example :

- single log file error

2016/10/20 10:55:18,[ERROR],[mmc.mpas.action.prig5.PRIG5W001.PRIG5W001Action],[MMKI_ADMIN],[10.x.x.x],[7rK7rO3Wkbm3NsSMjNo84lD] net.sf.hibernate.exception.GenericJDBCException: Cannot close connection

net.sf.hibernate.exception.GenericJDBCException: Cannot close connection

at net.sf.hibernate.exception.ErrorCodeConverter.handledNonSpecificException(ErrorCodeConverter.java:90)

at net.sf.hibernate.exception.ErrorCodeConverter.convert(ErrorCodeConverter.java:79

- Multiple Log File

[rkennedy]

Yes you should be able to just setup your query to match both type of fields depending on how things are mapped. Does the same exact error appear in the other one as well or is it different?

Could you show us a screenshot of how the data is inputted in NLS?

[tsabit]

Thank you for the reply.

i just asking about POC for candidate of customer.i didn't can appear the log from NLS.

what is your recommendation about disk capacity if i add 18 servers on Nagios Log Server and the retention for 6 month.please assist me

for example if i nstalled ith 100 GB.is it enough of capacity?

Thanks,

Tsabit

[mcapra]

There's a lot of variance in what a typical system needs. Not all log files are created equally unfortunately which makes estimating provisions very difficult. When collecting several thousands of events, there's a big difference between this:

Code: Select all

2016-12-13 16:47:00 xinetd - some message goes here

And this:

Code: Select all

2016-12-13 16:47:00 main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: 

It also depends on what sort of filtering you're going to be doing on these logs. A simply key-value filter is much more lightweight than regex related filters, for example.

You will need to do some testing against your potential sources to get a good idea of what your average traffic is.

[tsabit]

Hi mcapra,

Thank You very much.

do you mean "2016-12-13 16:47:00 xinetd - some message goes here"

and

2016-12-13 16:47:00 main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:


i didn't get point

how to know much log data on every server or many servers if I use 100 GB on NLS Server?

please assist me.

Regards,

Tsabit

[mcapra]

i didn't get point

One of those messages is 4x longer than the other and consumes more space when being stored and processed. This may seem small when looking at them, but when multiplied by thousands of messages per hour it's a very significant factor in terms of the resources required to handle each message.

how to know much log data on every server or many servers if I use 100 GB on NLS Server?

I'm not completely sure what you mean by this. If we're still on the topic of capacity planning, my previous point of "There's a lot of variance in what a typical system needs." still stands. We usually recommend one well provisioned system (2vCPU, 64GB RAM, 200GB storage) per 20GB daily intake, but again this can vary wildly depending on many different factors.